If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Notice re Failed Login Attempts

Some Council members are contacting us because they received a notification from the board as follows....

Subj: Failed Login Notification on Small Wars Council

Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address:

We have looked into this issue and are continuing to try to get in front of it. It's a filthy e-world we live in.

Enough users were getting these nuisance notifications that I have made a global change. It used to be that an unregistered user could see most things but had to register to post. Now you need to be logged in to see anything. That should prevent bots from trolling for usernames. We'll see if this is a temporary or permanent change.

There is clearly some funny business going on with a fairly unsophisticated attack. Basically, a web crawler or human is knocking on the front door of your account to see if it is unlocked. We have not seen any evidence that anyone's account has been been breached. You are right to take notice and be a little concerned. However, these system-generated notifications are sort of a backwards reminder that security measures are in place and are working -- the door was locked.

If you have a strong password on your account, we believe you are secure. If you want to tighten that up a bit, you can change your password in the Edit Your Details section of the User Control Panel.

FYI, we already have commercial IP blacklist security implemented, but that is centered on new account registration and posting, i.e. once they open the door. We are adding the offending IP addresses to an additional manual blacklist as they are identified, to try to stop the board software from even serving the front door up to be knocked on. Unfortunately, there are lots of different IP addresses involved. It's what those internet pests do.

We continue to consult with better-at-this-than-me folks to review what has been going on and vet our security protocols. We're up to date on security patches, etc. Bottom line:

Last edited by SWCAdmin; 03-03-2015 at 02:03 PM.
Reason: Updated for what we know now.

We're continuing to get a trickle of these front door probes from various IP addresses. Our forum software is up to date with its security patches. We are manually blocking bot IP addresses as they present themselves, but that's a reactive measure. We already blacklist IPs, but the package for doing that is oriented to new account registrations, not existing account entries.

All the resources we've consulted suggest this is just something that happens in the e-world, and that as long as you have a decent password your account is fine there is no cause for concern. We're working with some technical folks to see how to be more proactive. We still have no indication that any account has been accessed. The alerts members are receiving are indications that the basic security measures are working.

We have received about two dozen of these multiple failed login attempts over the last two weeks or so.

We have added all the offending IP addresses to our list of IPs that are banned from viewing the board at all. Almost all of them were unique and originating in various Asian countries. We have a much larger commercial blacklist of IPs, but that doesn't kick in until the login or registration attempt is successful at first.

We have consulted with several security folks who kicked our tires and confirmed that our appropriate controls are in place, up to date, and working. This is just something that happens in this pesky e-world.

Again, sorry for the nuisance to those who are being pinged. The advice in the first post here about having a good password and marching on continues to be the most sound and actionable intel we have found.

Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 91.213.8.235

All the best,
Small Wars Council

Originally Posted by search on iplocation.net

91.213.8.235 :: Ukraine :: Luhans'ka Oblast :: Luhans'k

Which is interesting because Luhansk is one of the territories held by pro-Russian forces. Anyone else had this problem? If so, the site managers should probably flag it up.

Alleged false log in attempts

On 11 July 2015 I too received the following message purporting to be from the Small Wars Council:

Dear Tasmanian Devil,

Someone has tried to log into your account on Small Wars Council with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: 178.175.131.194